@renovate renovate bot commented Oct 27, 2025

This PR contains the following updates:

| Package | Change | Type | Update |
|---|---|---|---|
| github.com/cert-manager/cert-manager | v1.19.1 → v1.19.2 | require | patch |
| github.com/onsi/ginkgo/v2 | v2.27.1 → v2.27.4 | require | patch |
| github.com/sap/admission-webhook-runtime | v0.1.73 → v0.1.80 | require | patch |
| github.com/sap/component-operator-runtime | v0.3.115 → v0.3.127 | require | patch |
| github.com/sap/go-generics | v0.2.42 → v0.2.47 | require | patch |
| go (source) | 1.25.3 → 1.25.5 | golang | patch |
| golang | 1.25.3 → 1.25.5 | stage | patch |
| k8s.io/apimachinery | v0.35.0-alpha.2 → v0.35.0 | require | patch |
| sigs.k8s.io/controller-runtime | v0.22.3 → v0.22.4 | require | patch |
| sigs.k8s.io/controller-runtime/tools/setup-envtest | fb2beab → 0c3a910 | require | digest |

Release Notes

cert-manager/cert-manager (github.com/cert-manager/cert-manager)

v1.19.2

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We updated Go to fix some vulnerabilities in the standard library.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.1

Bug or Regression
  • Address false positive vulnerabilities CVE-2025-47914 and CVE-2025-58181 which were reported by Trivy. (#8283, @SgtCoDFish)
  • Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#8294, @wallrj-cyberark)
  • Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8233, @cert-manager-bot)

Other (Cleanup or Flake)

onsi/ginkgo (github.com/onsi/ginkgo/v2)

v2.27.4

Compare Source

2.27.4

Fixes
  • CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

v2.27.3

Compare Source

2.27.3

Fixes
  • report exit result in case of failure [1c9f356]
  • fix data race [ece19c8]

v2.27.2

Compare Source

2.27.2

Fixes
  • inline automaxprocs to simplify dependencies; this will be removed when Go 1.26 comes out [a69113a]

Maintenance
  • Fix syntax errors and typo [a99c6e0]
  • Fix paragraph position error [f993df5]

sap/admission-webhook-runtime (github.com/sap/admission-webhook-runtime)

v0.1.80

Compare Source

v0.1.79

Compare Source

v0.1.78

Compare Source

v0.1.77

Compare Source

v0.1.76

Compare Source

v0.1.75

Compare Source

v0.1.74

Compare Source

sap/component-operator-runtime (github.com/sap/component-operator-runtime)

v0.3.127

Compare Source

Fixes/Enhancements

  • Clear finalizers when orphaning: the framework protects certain dependent objects (i.e. CustomResourceDefinition and APIService) by adding an own finalizer. Now if such a dependent object is orphaned (e.g. through the delete-policy: orphan annotation), then this finalizer should be removed. Note that this situation might also occur if we render a Helm chart (by HelmGenerator) using helm.sh/resource-policy: keep. This is fixed by this release: from now on, when orphaning objects, our finalizer is cleared from the protected objects.

  • Allow to suppress events on dependents: in some cases, the framework does not have permission to create events on the target (e.g. if a kubeconfig or impersonation is used). Now, by setting the annotation

    <operator name>/disable-events: "true"

    on the component, emitting events can be suppressed. In a later phase, we might formalize this annotation into a Configuration interface.

  • Enhance scaffolded Helm chart: the chart generated by scaffold now has options to tweak the contained PodDisruptionBudget.

v0.3.126

Compare Source

Disclaimer

This release contains incompatible changes:

  • Consumers must regenerate code and CRDs.
  • Furthermore, the helm builtin variables .Release.IsInstall and .Release.IsUpgrade behave differently (but more in line with the original helm behaviour); also the handling of hooks has changed; see below.

Incompatible changes/enhancements

This release introduces a new status field: status.revision. The initial value of the field is zero. It is increased by one, whenever a changed component digest is applied to the cluster; to be precise, that means:

  • status.processingDigest changes compared to the last reconcile iteration
  • reconciler.Apply() is called.

Notes:

  • it is possible that status.processingDigest changes, but status.revision is not increased; that can happen, if no 'apply' happens; for example, if an early requeue happens (e.g. due to a RetriableError)
  • revision (obviously) stays constant, once a deletion timestamp is present.

The new status.revision attribute allows us to improve the behaviour of the HelmGenerator. First of all, the helm.Release.Revision builtin is now supported, and populated by the value of the component's status.revision. Furthermore, previously, it was not really possible to distinguish between 'install' and 'upgrade' invocations. As a consequence, .Release.IsInstall was always set to true, .Release.IsUpgrade was always set to false, and certain hook combinations using (pre|post)-install, (pre|post)-upgrade were not supported. With this PR, we set .Release.IsInstall to true if and only if status.revision == 1, and we set .Release.IsUpgrade to the inverse value of .Release.IsInstall. Furthermore, all combinations of the (pre|post)-(install|upgrade) hooks are accepted (but still might be treated slightly differently, compared to the original helm behaviour).

Finally, note that the status.revision value is accessible also with KustomizeGenerator, through the new template function componentRevision.

v0.3.125

Compare Source

Enhancements

So far, instances of the KustomizeGenerator are 'fenced' to the directory which is passed as kustomizationPath when instantiating it. That means:

  • their kustomization.yaml (if present) cannot reference resources (bases) or patches outside that directory, such as ../bases
  • the readFile template function cannot reference files outside kustomizationPath.

This gap is addressed by this release: two new attributes are recognized in .component-config.yaml:

  • includedKustomizations: []string: a list of directory paths relative to kustomizationPath; targeted directories are treated as own components, rendered with the including component's parameters (values), and then supplied to kustomize at the identical path
  • includedFiles: []string: a list of paths relative to kustomizationPath (single files or directories); all referenced files (recursively in case a directory is specified) can be used with readFile.

Recursive inclusions are possible, but must not lead to cycles (there is a circuit breaking logic that will fail the generator in case of cycles).

Example:

# mycomp/.component-config.yaml
includedFiles:
- ../meta.yaml
includedKustomizations:
- ../bases

Then, mycomp/kustomization.yaml can reference ../bases, such as

# mycomp/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../bases

# ...

and templates in mycomp can call readFile "../meta.yaml".

Refactorings

  • A step towards the standard 'errors' package is made. That is, any references to utilerrors.NewAggregate() and multierror.Append() are replaced by errors.Join(). Note that errors produced by errors.Join() support both errors.Is() and errors.As().
    Furthermore, all imports of the deprecated 'github.com/pkg/errors' package are aliased as 'legacyerrors'. The only remaining usage of 'legacyerrors' should be legacyerrors.Wrap() and legacyerrors.Wrapf(). In a later phase, we will replace these by fmt.Errorf() with %w.

  • The K8s client handling in component.Reconcile() is revisited. That is, instead of using the manager's client (i.e. mgr.GetClient()) for the component reconciler (that is the client interacting with the component resources), we construct a dedicated client from mgr.GetConfig() and mgr.GetScheme(). Notes:

    • the manager's scheme is still required to recognize the component's group and the corev1 group.
    • the constructed clients will emit our metrics (which was not the case before)
    • hooks and implementations of component.Reference[T] still use the manager's client.

v0.3.124

Compare Source

v0.3.123

Compare Source

v0.3.122

Compare Source

v0.3.121

Compare Source

v0.3.120

Compare Source

v0.3.119

Compare Source

v0.3.118

Compare Source

Enhancements

Kustomize generator

This release adds three new template functions to the KustomizeGenerator:

  • lookupList <apiVersion> <kind> <namespace> <labelSelector>
  • localLookupList <apiVersion> <kind> <namespace> <labelSelector>
  • lookupListWithKubeConfig <apiVersion> <kind> <namespace> <labelSelector> <kubeConfig>

They can be used to list objects (optionally by a label selector) from the Kubernetes API. To be called like this:

{{- $objects := lookupList "v1" "Secret" "kube-system" "mylabel=myvalue" }}

The 'local' variant uses the effective local (controller-side) kubeconfig (in case of remotely deployed components).
The 'WithKubeConfig' variant takes an arbitrary kubeconfig (as string) as last argument.

All three methods return an array of map[string]any, representing the found resources.

For namespaced objects, if the given namespace is empty, objects are selected from all namespaces. For non-namespaced objects, the namespace should be specified empty. An empty selector means: 'select everything'.

v0.3.117

Compare Source

v0.3.116

Compare Source

sap/go-generics (github.com/sap/go-generics)

v0.2.47

Compare Source

v0.2.46

Compare Source

v0.2.45

Compare Source

v0.2.44

Compare Source

v0.2.43

Compare Source

golang/go (go)

v1.25.5

v1.25.4

kubernetes/apimachinery (k8s.io/apimachinery)

v0.35.0

Compare Source

v0.35.0-rc.1

Compare Source

v0.35.0-rc.0

Compare Source

v0.35.0-beta.0

Compare Source

v0.35.0-alpha.3

Compare Source

kubernetes-sigs/controller-runtime (sigs.k8s.io/controller-runtime)

v0.22.4

Compare Source

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.3...v0.22.4


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
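
The KustomizeGenerator fencing described in the v0.3.125 release notes above (readFile confined to kustomizationPath unless a path is listed under includedFiles), as an added Go example that is not code from component-operator-runtime or from this PR. The function name ReadFileAllowed and the purely lexical path check are assumptions made for illustration; the framework's real check is not shown on this page.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// within reports whether target is base itself or lies below it.
// Purely lexical: symlinks are not resolved (assumption of this example).
func within(base, target string) bool {
	rel, err := filepath.Rel(base, target)
	return err == nil && rel != ".." &&
		!strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ReadFileAllowed (hypothetical helper) decides whether a template's
// readFile argument may be served. includedFiles holds the entries from
// .component-config.yaml, each relative to kustomizationPath; a directory
// entry admits everything below it.
func ReadFileAllowed(kustomizationPath string, includedFiles []string, name string) bool {
	if filepath.IsAbs(name) {
		return false // templates address files relative to the component
	}
	// Join cleans the path, so "templates/../../x" collapses before the check.
	target := filepath.Join(kustomizationPath, name)
	if within(kustomizationPath, target) {
		return true // inside the fence
	}
	for _, inc := range includedFiles {
		if within(filepath.Join(kustomizationPath, inc), target) {
			return true // explicitly opened via includedFiles
		}
	}
	return false
}

func main() {
	// Constructed sample mirroring the mycomp example from the release notes.
	inc := []string{"../meta.yaml"}
	names := []string{"templates/cm.yaml", "../meta.yaml", "../other.yaml",
		"templates/../../other.yaml", "/etc/hostname"}
	for _, name := range names {
		fmt.Printf("%-28s allowed=%v\n", name, ReadFileAllowed("mycomp", inc, name))
	}
}
```

Comparing with filepath.Rel rather than a string prefix keeps a sibling such as ../shared-private from matching an includedFiles entry of ../shared.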

renovate-approve[bot]
renovate-approve bot previously approved these changes Oct 27, 2025
@renovate renovate bot force-pushed the renovate/non-minor-deps branch from 6bdfb33 to 47c531a Compare October 27, 2025 08:52
@renovate renovate bot changed the title fix(deps): update sigs.k8s.io/controller-runtime/tools/setup-envtest digest to 8d3d09d fix(deps): update non-minor dependencies Oct 27, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Oct 27, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Oct 27, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Oct 28, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Oct 30, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Oct 30, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Oct 31, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Nov 1, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Nov 1, 2025
@renovate renovate bot force-pushed the renovate/non-minor-deps branch from b631156 to 91e94fe Compare December 18, 2025 13:13
renovate-approve[bot]
renovate-approve bot previously approved these changes Dec 18, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Dec 19, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Dec 22, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Dec 22, 2025
renovate-approve[bot]
renovate-approve bot previously approved these changes Jan 3, 2026
renovate-approve[bot]
renovate-approve bot previously approved these changes Jan 6, 2026
renovate-approve[bot]
renovate-approve bot previously approved these changes Jan 7, 2026
renovate-approve[bot]
renovate-approve bot previously approved these changes Jan 8, 2026
renovate-approve[bot]
renovate-approve bot previously approved these changes Jan 9, 2026